.threatBook-download-btn {
  color: #fff;
  background-color: #1A1A1A;
  border-radius: 40px;
  cursor: pointer;
  display: inline-flex;
  padding: 8px 20px;
  justify-content: center;
  align-items: center;
  gap: 8px;
  font-size: 12px;
  font-weight: 500;
  line-height: 16px;
}

.threatBook-download-btn:hover {
  background-color: #4D4D4D;
}

.threatBook-download-btn svg {
  width: 14px;
  height: 14px;
  fill: #fff;
}

a[href="https://threatbook.ai/contactus"] {
  display: none;
}

#topbar-cta-button {
  --primary-light: 26 26 26;
  --primary-dark: 26 26 26;
}

table th {
  text-align: left;
}




Attackers, especially APT group can spend a long time within a compromised network without detection, cyber-attacks by threat actors with special goals, such as stealing, spying, or disrupting cause losses of enterprises and brand crisis. Indicators of Compromise(IOC) can help SOC teams in enterprises to discover and remediate cyber-attacks with essential clues or evidence. 

You are able to accurately find out the compromised host in your network with our 99.9% high-fidelity intelligence.

Compromise Detection

ThreatBook CTI Documentation

Introduction

Welcome to ThreatBook CTI

Inbound IP Enrichment

Pivoting Analysis

Account & Limit

Research

Chat

Overview

Differentiator

Feeds Introduction

Threat Labels

Authentication

You are able to get an IP report with comprehensive intelligence labels, such as **C2, Malware, Zombie, Compromised Host, Scanner,** etc., and contextual information like **open ports, certificates,** and so on.

IP Report

Public IP addresses are obtained from the firewalls, WAF, and other security devices, which can be analyzed and investigated with our intelligence to determine if it is a C2, Zombie, Scanner, etc. 

You are able to get intelligence labels(intelligence type), relevant threat actors, virus/trojan family, complete original intelligence, and contextual information under this API. 

IP Intelligence

Domain names extracted from internal DNS, NGFW, or other security devices can be analyzed to determine whether it is a remote control server, a phishing website, etc.
 
You are able to get intelligence judgment, relevant threat actors, virus/trojan family, complete original intelligence, and contextual information under this API.

API Documentation

Enrichment

Compromise Detection

Query Parameters

Response